Privacy Policy – MySupportHub

.
This privacy policy “Policy” describes how CuraLinc Healthcare and our entities globally (“CuraLinc”, “we”, “us” or “our”) collects, protects and uses the personally identifiable information (“Personal Information”) you (“User”, “you” or “your”) may provide while using any of its products or services (collectively, “EAP Services” or “Services”). It also describes the choices available to you regarding our use of your Personal Information and how you can access and update this information. This Policy does not apply to the practices of companies that we do not own or control, or to individuals that we do not employ or manage.

CuraLinc, LLC (“CuraLinc Healthcare” or CuraLinc”) is committed to protecting all personal and private information in accordance with any and all applicable laws, regulations and standards, including without limitation any standards established in the United States under the Health Insurance Portability and Accountability Act, HITECH (Health Information Technology for Economic and Clinical Health Act and in the United Kingdom under the Data Protection Act of 2018. In the case of our services within the European Union, CuraLinc is subject to the General Data Protection Regulation (Regulation (EU) 2016/679), effective as of May 25, 2018. The legal basis of EU-US data transfer is based on EU Model Clauses (Standard Contractual Clauses) and the derogations as per Art.49 of GDPR. CuraLinc is liable for in cases of onward transfers to third parties.

Our privacy policy is designed to protect the privacy of individuals. It explains what information we collect from visitors to this site during the duration of our relationship, how we use that information, and how visitors can update and verify the uses of the information provided on this site. We will update this policy from time to time to protect your personal information. We encourage you to review this policy from time to time to keep up to date on how we use and protect your information and continually improve the content of our portal. If we make material changes to the collection, use and/or disclosure of personal information you provide to us, we will notify you by posting a clear and highly visible notice on the portal. By using the portal, you agree to the terms of this Privacy Policy.

CuraLinc maintains appropriate administrative, technical and physical safeguards designed to protect your personal information in accordance to the applicable law. CuraLinc uses industry standard encryption on this portal. Unfortunately, the transmission of information via the Internet is not completely secure. Although CuraLinc will do its best to protect your personal data, CuraLinc cannot guarantee the security of your data transmitted to this portal; any transmission is at your own risk.

CuraLinc will not evaluate any computer, tablet, or other mobile device that you may use to access CuraLinc’s services for the secure handling of your personal information. CuraLinc disclaims any liability for any loss resulting from any security and data protection shortfalls originating from your own electronic devices.

What kind of information do we collect?

You must be registered with CuraLinc Healthcare to have access to our services and this portal. CuraLinc may collect some information from interactive features such as online surveys, contact and registration forms, and through the use of ‘cookies’ as explained below. The information CuraLinc receives in such a manner depends on the settings on your browser. For example, if you visit this portal to read or download information, such as information about a health condition or about one of CuraLinc’s products, CuraLinc may collect certain anonymous, unrestricted, non-personal information about you from your computer, including the type of web browser software you use, the links that you select, traffic data, the name of your Internet domain, the Internet address of the portal used for access, location data, the pages you have visited on this portal, web logs and other communication data. Depending on your choice to use certain features on this portal (i.e. eConnect, Animo Digital Behavioral Health, Textcoach®, etc.), CuraLinc may with your explicit consent collect and process personal information which may include:

Name
Date of birth/other vital statistics records
Email address
Physical/mailing address
Telephone number
Personal health information

For certain services (telephone based counseling and anonymous chat), users are free to remain anonymous. However, we will be able to provide limited services only. Users who are uncertain about what information is mandatory are welcome to contact us or discuss with our counselor when you contact us for any services.

Apart from the data mentioned above, CuraLinc may collect additional data depending upon the platform which you use to connect to CuraLinc (mobile application, etc.). The details are listed in the appropriate sections below.

What kind of information do we collect (Single sign on)

Access to our applications through the Single Sign-On (SSO) feature provided by your Employer shall be limited to sharing of sign-in information only, which is known to the Employer. CuraLinc does not collect your password or other credentials. Your Employer does not have access to any communication between you and CuraLinc.

What kind of information do we collect (Mobile Application)?

When you use the Mobile Application, our servers automatically record information that your device sends. This data may include information such as your device’s IP address and location, device name and version, operating system type and version, language preferences, information you search for in our Mobile Application, access times and dates, and other statistics. You will be able to control the permissions for location and other device specific parameters based on your device (e.g., location, notification). If you choose not to allow this access, some services may not operate effectively as expected.

If you wish to use the Mobile Application’s features, you will be asked to provide certain Personal Information (for example, your name and e-mail address). We receive and store any information you knowingly provide to us when you create an account or fill any online forms in the Mobile Application. When required, this information may include your email address, name, phone number, or other Personal Information to complete the registration. If you choose not to provide us with your Personal Information, then you may not be able to take advantage of the Mobile Application’s features. Users who are uncertain about what information is mandatory are welcome to contact us.

What are cookies?

While visiting this portal, CuraLinc may place text files called ‘cookies’ on your computer. Any information that CuraLinc collects using cookies is non-personal information. The cookies on this portal are strictly session cookies used for authentication. Those cookies time out or are destroyed once you leave the portal. You are always free to decline to accept CuraLinc’s cookies, as permitted by your browser; however, some functions of this portal may not work properly if you choose to do so.

Through the use of cookies, pixel tags/web beacons, and similar technologies, CuraLinc may use third-party tracking and advertising providers to act on CuraLinc’s behalf to track and analyze usage of this portal; the third-party provider may use this information for the purpose of evaluating your use of the portal, compiling reports on portal activity and providing other services for CuraLinc relating to portal activity and internet usage. Your browser’s IP address, transmitted for analytical purposes, will not be associated with any other data held by the third-party analytical service provider. If you choose to accept a cookie, you can delete it at any time through your web browser. If you do not wish to receive cookies or wish to manage the acceptance cookies in general, you may set your browser to reject cookies or to alert you when a cookie is placed on your computer. To choose to decline specific cookies, please see the following link: www.networkadvertising.org/choices/#completed.

Types of cookies

Necessary or Essential Cookies: These cookies are essential for the functioning of the website. They cannot be switched off in the systems and are usually only set in response to actions made by a person that amount to a request for services, such as privacy preferences, logging in or filling in forms.
Preference or Functional Cookies: These cookies allow a website to remember information that changes the way a website behaves or looks. They remember user preferences, like language selection, region and the user interface’s customization.
Analytics or Statistics Cookies: These cookies collect information on how websites are used, helping the business to understand the effectiveness of their product. They provide statistics on visitors, such as the number of visitors, the tracking of user’s journey, etc., that can be used for improvements.
Marketing or Advertising Cookies: They track user’s online activity to help advertisers deliver more relevant advertising. These cookies can share that information with other organizations or advertisers.
Social Media Cookies: These cookies allow the user to share pages and content through third-party social media and other websites.

Cookies that we use

Below is a table providing the details of the cookies used on our website, including their names, descriptions, type and duration.

Cookie Name	Description	Type	Duration
PHPSESSID	Identifies a user’s session on the website	Necessary	Session
vanguard_session	Identifies a user’s session on the website	Necessary	Session
crssid	Internal group identifier. Used for generating Flash Course certificates	Necessary	Session
crsid	Internal page identifier. Used for generating Flash Course certificates	Necessary	Session
crsurl	Group’s homepage URL. Used for generating Flash Course certificates	Necessary	Session
landing	URL to redirect to and from mobile app	Functional	5 minutes
announcements	List of banners the user has chosen to dismiss or no longer view	Functional	Persistent
wp_lang	Language selected by user, used for localization	Functional	1 year
wp_lang-id	Internal language ID, used for localization	Functional	1 year
wglang	Used to store the current language selected by the user	Functional	Persistent
wg-translations	Used to provide localization functionality	Functional	Persistent
ZD-Suid	Used to store unique session identifier	Statistics	20 minutes

Managing personal information

You are able to access, update and delete certain Personal Information about you. The information you can view, update and delete may change depending on the services. When you update information, however, we may maintain a copy of the unrevised information in our records. We will retain and use your Personal Information for the period necessary to comply with our legal obligations, resolve disputes, and enforce our agreements unless a longer retention period is required or permitted by law. We may use any aggregated data derived from or incorporating your Personal Information after you update or delete it, but not in a manner that would identify you personally. For statistical purposes, we use only anonymized data. Once the retention period expires, Personal Information shall be deleted or anonymized. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after the expiration of the retention period.

How will your personal information be used?

Any of the information we collect from you may be used to provide you services, contact you in relation to our services, keep you updated about our offerings, personalize your experience; improve our services/products; improve customer service and respond to queries and emails of our customers; send notification emails such as password reminders, updates, etc.; run and operate our Platform and Services. Information collected automatically is used only to identify potential cases of abuse and establish statistical information regarding website/mobile application traffic and usage. This statistical information is not otherwise aggregated in such a way that would identify any particular user of the system.

Your employer will not have access to your Personal Data stored on CuraLinc systems. However, if your employer offers an incentive plan that offers rewards for completion of CuraLinc’s online programs or assessments, with your explicit consent, CuraLinc may share your personal information with your employer including your name, employee identification, and details of which online programs or assessments you have completed including the dates. Neither the scores nor responses from your online programs or assessments will be disclosed to your employer as part of an incentive plan.

If your employer provides a coaching plan that includes an outreach call from a CuraLinc Care Advocate, with your explicit consent, a Care Advocate may contact you using the contact information and preferences you provide. Your employer will not be given any detail regarding the content of your discussion with a Care Advocate.

CuraLinc is the data controller with respect to the personal data collected directly from the members of our Services. We may process Personal Information related to you if one of the following applies: (i) You have given your consent for one or more specific purposes. Note that under some legislations we may be allowed to process information until you object to such processing (by opting out), without having to rely on consent or any other of the following legal bases below. This, however, does not apply, whenever the processing of Personal Information is subject to European data protection law; (ii) Provision of information is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof; (iii) Processing is necessary for compliance with a legal obligation to which you are subject; (iv) Processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in us; (v) Processing is necessary for the purposes of the legitimate interests pursued by us or by a third party. In all cases we will reach out to you for additional consent in case of further processing is required.

In any case, we will be happy to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Information is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

Information Transfer and Storage

CuraLinc may transfer the personal information collected about you to countries other than the country in which the information was originally collected. These transfers will be to a service center operated by CuraLinc or one of CuraLinc’s network of providers in order to provide you with the service you requested. CuraLinc adheres to adequate safeguards required for the international transfers of your personal information outside of the European Economic Area. If you are located in the European Union, CuraLinc may transfer data outside of the European Union in accordance with standards set forth by European Union law including the derogations based on Article 49 of GDPR and the EU model clauses. Nevertheless, access to your personal information may be provided only on a “need-to-know” basis so that CuraLinc may deliver its services upon your request; your personal information will not be disclosed to any other person or entity other than in aggregate reports or in de-identified form without your consent. The storage of EEA personal data is maintained in the United States.

Who do we share your information with?

We do not sell your email address or other information identifying you to third parties. However, we do share your information with companies that are part of CuraLinc or with selected third parties in order to pursue the objectives set out in this policy, in other contacts with you or on the site (e.g., “survey or informational content” that send you additional information material that may be of interest to you).

We disclose information about you to others when we believe in good faith that we are required by law or legal process to respond to claims or to protect the rights, property or safety of CuraLinc or others.

What information may be required to be disclosed?

Under certain circumstances CuraLinc may be required to disclose personal data. These circumstances include those required by applicable law and as set out in Article 6.1 of the GDPR, which establishes that processing shall be lawful only if and to the extent that at least one of the following applies:

the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract
processing is necessary for compliance with a legal obligation to which the controller is subject;
processing is necessary in order to protect the vital interests of the data subject or of another natural person;
processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

What are your rights?

You have certain rights regarding the personal information CuraLinc collects and maintains about you. CuraLinc offers you choices about what personal information is collected from you, how that information is used, and how CuraLinc communicates with you:

You can expect that CuraLinc will collect and process your personal information fairly and in accordance with applicable law.
You can choose not to provide personal information to CuraLinc by refraining from using features and programs that request your personal information.
You can elect not to have a unique cookie identification number assigned to your computer.
Your personal data may be used for statistical analysis and reporting purposes in a manner that does not identify you in any way.
You may agree to the release of any or all of your personal information to anyone or any organization by giving your consent to CuraLinc; otherwise, your personal data will not be routinely released unless CuraLinc has a legal obligation to do so.
You may withdraw any consents you previously provided to CuraLinc, or, on legitimate grounds, object at any time to the processing of your personal information or specific categories of data that you consider sensitive.
You have the right of data portability so that you can retrieve and reuse your personal information for your own purposes.
You have the right to request at any time correction of any error(s) in your personal information that is collected and processed by CuraLinc.
You have the right to lodge complaints with any supervisory authority.
You have right, under certain circumstances, to invoke binding arbitration to resolve any dispute regarding the collection, processing, retention, and/or release of your personal information.
You may, subject to local law requirements, have the right to (a) to request access to and receive information about the personal information CuraLinc collects and maintains about you; (b) update and correct inaccuracies in your personal information; and (c) have your personal information blocked or deleted, as appropriate.
You have the right to ask CuraLinc to no longer collect your personal information for information purposes (e.g. sending information to you by email or SMS text; asking your opinion on CuraLinc products and services) by withdrawing your consent. You can exercise your right to withdrawal at any time by contacting CuraLinc.
To the extent that it applies to the holding, collection, use or disclosure of your personal information, you may complain about a breach of Privacy Policy by CuraLinc by contacting the Data Protection Officer of CuraLinc at the address provided below. On receiving your complaint CuraLinc will respond within the timeframe set by the applicable law.

California privacy rights

In addition to the rights as explained in this Privacy Policy, California residents who provide Personal Information (as defined in Cal. Civ. Code § 1798.140(o)(1) as amended) to obtain products or services for personal, family, or household use are entitled to request and obtain from us, once a calendar year, information about the Personal Information we shared, if any, with other businesses for marketing uses. If applicable, this information would include the categories of Personal Information and the names and addresses of those businesses with which we shared such personal information for the immediately prior calendar year (e.g., requests made in the current year will receive information about the prior year). To obtain this information please contact us by email with your request details at [email protected].

California residents may also have a right to have their Personal Information deleted from CuraLinc’s servers. If you wish to have your Personal Information deleted, please provide identifying information to us by email at: [email protected].

What is CuraLinc Healthcare’s portal policy for children?

This portal is not directed to, or developed for, minor children. If you have not reached the age of majority, you may not use this portal unless supervised by an adult. CuraLinc’s goal is to comply with applicable laws and regulations relating to collection and use of information relating to children. If you believe that CuraLinc has received information from a child or other person protected under such laws, please notify us immediately by email at: [email protected]. You must also be at least 18 years of age to consent to the processing of your Personal Information in your country (in some countries we may allow your parent or guardian to do so on your behalf).

Does CuraLinc Healthcare refer you to third party websites?

This portal may contain links to websites operated and maintained by third parties as well as links to products and services provided by third parties; any such link is provided for your convenience. CuraLInc has no control over such third parties, their websites, or their products or services. Privacy policies for such linked sites may be different from CuraLinc’s privacy policy; for the avoidance of doubt, this Policy applies only to your use of the EAP Services. Your access and use of any such linked sites or products or services is at your own risk.

Security of your data

Your personal data provided to us will be secured by taking all technical and organizational security measures in such a way that they are inaccessible for access by unauthorized third parties. When sending very sensitive data or information, it is recommended to use the postal service, as complete data security by e-mail cannot be guaranteed.

Duration of storage

The personal data provided by you will be stored by us for the duration of use of the portal, our services or in the event of the provision of information, services or support until expiry of the applicable statutory storage period, taking into account the basic principles of the GDPR and the local laws to the permissible extent. With respect to European Union participants, data is retained for three (3) years from the date of case closure.

Data breach

In the event we become aware that the security of the applications and/or platform has been compromised or users Personal Information has been disclosed to unrelated third parties as a result of external activity, including, but not limited to, security attacks or fraud, we reserve the right to take reasonably appropriate measures, including, but not limited to, investigation and reporting, as well as notification to and cooperation with law enforcement authorities. In the event of a data breach, we will make reasonable efforts to notify affected individuals if we believe that there is a reasonable risk of harm to the user as a result of the breach or if notice is otherwise required by law. When we do, we will notify you via email.

Legal disclosure

We will disclose any information we collect, use or receive if required or permitted by law, such as to comply with a subpoena, or similar legal process, and when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. In the event we go through a business transition, such as a merger or acquisition by another company, or sale of all or a portion of its assets, your user account, and Personal Information will likely be among the assets transferred.

Jurisdiction and Applicable Law

The laws of the State of Illinois govern this Policy to the extent as not overruled by applicable local law such as the GDPR for data subjects within the EEA or national laws regulating the data for other jurisdictions based on the scope. You irrevocably consent to the jurisdiction of the courts located in the County of Cook, State of Illinois, U.S.A. for any action arising out of or relating to this Statement if no local law gives you the inevitable right to apply to your local court. If the information and materials presented on this website/application includes the sale of goods (e.g. publications, books), then any following rights and obligations that you or CuraLinc may have shall not be governed by the United Nations Convention on Contracts for the International Sales of Goods (“CISG”) and its application is excluded. You may be able to access this site from any region in the world. If your use of any benefit offered by this portal conflicts with the laws of your region, then CuraLinc Healthcare respectfully requests that you do not use this portal; you are responsible for your own knowledge and understanding of the laws of your region as well as your compliance with them.

Data Processing

EU General Data Protection Regulation. In case of processing of personal data to which the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) is applicable, the information below pursuant to EU General Data Protection Regulation (“GDPR Privacy Notice”) shall apply in addition to the above. In such case, in the event of any conflict between the above and the GDPR Privacy Notice, the provisions of the GDPR Privacy Notice shall prevail.

This GDPR Privacy Notice applies to the processing of your personal data by CuraLinc, LLC, a company incorporated and existing under the laws of U.S.A, with its registered office at 314 West Superior Street, Chicago, IL 60654, ID No.: 33-1206383 (“CuraLinc” or “We”), to which the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, “GDPR”) is applicable.

Who processes your personal data?

CuraLinc decides why and how your personal data is handled and is therefore the data controller.

CuraLinc may transfer your personal data to other CuraLinc group companies and companies that provide services to CuraLinc (such as providers of software or IT services) and that work with your personal data as processors. CuraLinc may transfer your personal data to public authorities or other third parties if it is obliged to do so under applicable laws or is permitted to do so by applicable laws.

Your employer will not have access to your personal data stored on CuraLinc systems. However, if your employer offers an incentive plan that offers rewards for completion of CuraLinc’s online programs, with your explicit consent, CuraLinc may share your personal data with your employer including your name, employee identification, and details of which online programs you have completed including the dates. Neither the scores nor responses from your online programs will be disclosed to your employer as part of an incentive plan.

What is the purpose of the data processing?

We are working with your personal data in order to enable you to use CuraLinc’s services and/or platform (employee assistance program), as you decide to use them.

What is the legal basis for processing?

We work with your personal data on the basis of the following legal titles:

The processing is necessary for the performance of an agreement to which you are a party and which governs the terms and conditions of your use of CuraLinc’s services and/or platform (employee assistance program).

In the event you provide us with your personal data relating to your health, such information will be processed on the basis of your consent.

Where and how will the data be processed?

Your personal data will be processed in the USA. Your personal data may also be transferred to another third country (a country outside the EU), including countries that do not guarantee an adequate level of protection of personal data according to the GDPR. For transfers of personal data to third countries that are not covered by the European Commission’s adequacy decision, CuraLinc has taken all necessary measures and safeguards to ensure that personal data is afforded an adequate level of protection as required by applicable law by attaching a standard contractual clause in the wording of the relevant European Commission decision.

If you wish to get more information about the measures and safeguards taken or obtain a copy, please contact us at the contact details stated in Article below.

Automated decision-making

In relation to your personal data, automated decision-making and profiling may occur to a reasonable extent, in particular to personalize the user experience and provide personalized recommendations. Automated decision-making involves the use of algorithms and computer programs to analyze personal data and make decisions without human intervention. Profiling is a type of automated decision-making that involves analyzing personal Data to make predictions or decisions about an individual. The information we have for you is made up of what you tell us and data we collect when you use our services or from third parties we work with, such as name, address, age, gender and platform engagement.

You will not be subject to decisions that will have a significant impact on you based solely on automated decision making or profiling, unless we have a lawful basis for doing so and we have notified you. Our legal basis for using automated decision making is legitimate interest. We comply with the General Data Protection Regulation (GDPR) and other relevant laws and regulations.

You may have the right to restrict or object to us using your personal information or using automated decision-making or profiling. Opting out of automated decision-making and profiling may result in reduced personalization. To exercise these rights or ask questions about our privacy policy, please contact our Data Protection Officer at [email protected] or CuraLinc Healthcare, 314 West Superior Street, Chicago, IL 60654 Attn: Data Protection Officer.

How long will the data be processed?

What are your rights in connection with the data processing?

As this is guaranteed by the applicable data protection legislation, in particular the GDPR, you may request from us (i) access to your personal data processed by us, (ii) restriction of the processing of your data, (iii) rectification of your data, (iv) erasure of your data; (v) you may object to the data processing; (vi) you may exercise your right to data portability; and (vii) in the case of personal data processed on the basis of your consent, you may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent given before its withdrawal.

To exercise any of these rights, please contact us. If you believe that we are violating the law by processing your personal data, you can file a complaint with the national supervisory authority.

You can contact us at

[email protected] or via the following mailing address:

CuraLinc Healthcare

314 West Superior Street

Chicago, IL 60654

Attn: Data Protection Officer

Please be aware that email is not the most secure way of communication, we therefore recommend not to send sensible personal data via email in the first instance.

Consent

By continuing to use this portal, you acknowledge that you have read, understand and agree to be bound by all terms and conditions and disclaimers for the use of this portal and services provided by this portal. Our general terms of use and privacy practices are updated periodically. CuraLinc Healthcare encourages you to review our policies each time you visit this portal.

Any other questions or concerns

If you have any questions or concerns about our privacy policy or the collection of your information, you can contact us at any time by sending an email to [email protected] or via the following mailing address:

CuraLinc Healthcare

314 West Superior Street

Chicago, IL 60654

Attn: Data Protection Officer

Please be aware that email is not the most secure way of communication, we therefore recommend not to send sensitive personal data via email in the first instance.